linkerd2/cli/cmd
Alejandro Pedraza bd8d47226d
DNS rebinding protection for the dashboard (#3644)
* DNS rebinding protection for the dashboard

Fixes #3083 and replacement for #3629

This adds a new parameter to the `linkerd-web` container `enforcedHost`
that establishes the regexp that the Host header must enforce, otherwise
it returns an error.

This parameter will be hard-coded for now, in `linkerd-web`'s deployment
yaml.

Note this also protects the dashboard because that's proxied from
`linkerd-web`.

Also note this means the usage of `linkerd dashboard --address` will
require the user to change that parameter in the deployment yaml (or
have Kustomize do it).

How to test:
- Run `linkerd dashboard`
- Go to http://rebind.it:8080/manager.html and change the target port to
50750
- Click on “Start Attack” and wait for a minute.
- The response from the dashboard will be returned, showing an 'Invalid
Host header' message returned by the dashboard. If the attack had
succeeded, the dashboard's HTML would be shown instead.

Signed-off-by: Alejandro Pedraza <alejandro@buoyant.io>
2019-10-31 11:51:25 -05:00
testdata DNS rebinding protection for the dashboard (#3644) 2019-10-31 11:51:25 -05:00
check.go Add a flag to install-cni command to configure iptables wait flag (#3066) 2019-08-15 12:58:18 -07:00
check_test.go Output check result as json (#2666) 2019-05-20 09:04:28 -07:00
completion.go CLI help updates: non-experimental auto-inject; unhide install-cni (#2319) 2019-02-18 15:32:46 -08:00
completion_test.go Bump proxy-init to 1.2.0 (#3397) 2019-09-09 09:06:14 -07:00
dashboard.go Add '--address' flag to 'linkerd dashboard'. (#3274) 2019-09-05 10:56:10 -07:00
doc.go Generate CLI docs for usage by the website (#2296) 2019-02-15 13:28:31 -08:00
edges.go Introduce -A as a shorthand for --all-namespaces (#3125) 2019-07-24 07:50:22 -07:00
edges_test.go Add unit test for edges API endpoint (#3306) 2019-08-23 09:28:02 -07:00
endpoints.go Have `linkerd endpoints` use `Destination.Get` (#2990) 2019-07-03 09:11:03 -05:00
endpoints_test.go Have `linkerd endpoints` use `Destination.Get` (#2990) 2019-07-03 09:11:03 -05:00
get.go Introduce -A as a shorthand for --all-namespaces (#3125) 2019-07-24 07:50:22 -07:00
get_test.go Fix most golint issues that are not comment related (#1982) 2018-12-20 10:37:47 -08:00
inject.go Add inject support for namespace configs (Fix #3255) (#3607) 2019-10-30 10:18:01 -05:00
inject_test.go Add inject support for namespace configs (Fix #3255) (#3607) 2019-10-30 10:18:01 -05:00
inject_util.go Fix inject with path and add tests (#3038) 2019-07-05 09:26:25 -05:00
install-cni-plugin.go Add a flag to install-cni command to configure iptables wait flag (#3066) 2019-08-15 12:58:18 -07:00
install-cni-plugin_test.go proxy: Upgrade to identity-capable proxy (#2524) 2019-03-19 14:20:39 -07:00
install-sp.go Add cluster domain cli flag (#3360) 2019-09-19 16:08:50 -07:00
install-sp_test.go Add cluster domain cli flag (#3360) 2019-09-19 16:08:50 -07:00
install.go Control Plane Trace configuration (#3539) 2019-10-25 11:42:30 -07:00
install_helm_test.go Control Plane Trace configuration (#3539) 2019-10-25 11:42:30 -07:00
install_test.go Cert manager support (#3600) 2019-10-24 13:15:14 -07:00
logs.go Update to client-go v12.0.0, forked stern (#3387) 2019-09-10 11:04:29 -07:00
logs_test.go Introduce inject integration tests (#2616) 2019-04-05 11:42:49 -07:00
main_test.go Introduce inject integration tests (#2616) 2019-04-05 11:42:49 -07:00
metrics.go Correct definition of Less function in CLI's metrics command(#3533) (#3534) 2019-10-15 14:21:10 -07:00
profile.go Add LINKERD2_PROXY_DESTINATION_GET_SUFFIXES (#3277) 2019-08-21 14:28:30 -07:00
profile_test.go Allow setting custom cluster domain in service profiles (#3148) 2019-08-07 09:49:54 -07:00
public_api.go Introduce `linkerd --as` flag for impersonation (#3173) 2019-07-31 16:05:33 -07:00
root.go Add Collector Flags for inject cmd (#3588) 2019-10-24 10:16:13 -07:00
routes.go add service profile integration tests for service profile metrics (#2685) 2019-04-18 11:01:49 -07:00
routes_test.go lint: Enable goconst (#2365) 2019-02-25 12:00:03 -08:00
stat.go Add trafficsplit metrics to CLI (#3176) 2019-08-14 10:30:57 -07:00
stat_test.go Add trafficsplit metrics to CLI (#3176) 2019-08-14 10:30:57 -07:00
tap.go Add TapEvent headers and trailers to the tap protobuf (#3410) 2019-09-29 09:54:37 -07:00
tap_test.go Add TapEvent headers and trailers to the tap protobuf (#3410) 2019-09-29 09:54:37 -07:00
top.go Update `linkerd profile --tap` to Tap APIService (#3187) 2019-08-02 12:44:58 -07:00
uninject.go Promote the shared injection check to the CLI and webhook (#2555) 2019-03-27 14:51:05 -07:00
uninject_test.go Fix uninject (#3236) 2019-08-13 15:06:21 -05:00
upgrade.go Cert manager support (#3600) 2019-10-24 13:15:14 -07:00
upgrade_test.go Cert manager support (#3600) 2019-10-24 13:15:14 -07:00
version.go Use port-forwarding for linkerd CLIs (#2757) 2019-05-02 14:41:26 +02:00
version_test.go Use port-forwarding for linkerd CLIs (#2757) 2019-05-02 14:41:26 +02:00